A new zero-day Microsoft Word vulnerability could give hackers complete control of your computer. Even if you don’t open an infected file, the vulnerability may be exploited.
Although we are still waiting for a fix, Microsoft has already published a workaround for this vulnerability, so if you use MS Office on a regular basis, you should check it out.
Beware of the new Microsoft Word vulnerability
The Microsoft Word vulnerability, dubbed Follina by Kevin Beaumont, one of the researchers who initially investigated it and who also published a lengthy post about it, has thus far been attributed to the MSDT tool. It was originally discovered on May 27 via a tweet from nao_sec, although Microsoft apparently first learned of it as early as April. Although no fix has yet been released for it, Microsoft’s solution entails turning off the Microsoft Support Diagnostic Tool (MSDT), which is how the exploit gains access to the computer that is being attacked.
Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 pic.twitter.com/rVSb02ZTwt
— nao_sec (@nao_sec) May 27, 2022
The Microsoft Word vulnerability is a remote code execution flaw in MS Word that affects primarily .rtf files. MS Word’s Templates feature allows it to load and execute code from external sources; Follina uses this to gain access to the computer and then runs a series of commands that open MSDT. Under normal circumstances, Windows users may use the Microsoft Support Diagnostic Tool (MSDT) to solve various problems without issue. Unfortunately, because this tool also gives remote access to your computer, it aids the exploit in taking control of it.
In the case of .rtf files, the exploit can operate even if you don’t open the file: Follina can be launched as long as you view the file in File Explorer. Once the attacker compromises your computer via MSDT, they have carte blanche to do whatever they want with it. They may download harmful software, leak sensitive data, and more.
Beaumont has shared several Follina examples, including how it has already been utilized and discovered in various files. Financial extortion is just one of many things this exploit is being used for. Of course, you don’t want this on your PC.
What to do until Microsoft releases a patch?
There are a few things you may do to avoid the Microsoft Word vulnerability until the company releases a patch to fix it. The official solution, as things stand now, is the workaround; we don’t know for sure what else will come next.
To begin, check if your Office version is one of those affected by the Microsoft Word vulnerability. The bug has been discovered in Office 2013, 2016, 2019, 2021, Office ProPlus, and Office 365 so far. There’s no knowing whether older versions of Microsoft Office are protected; thus, it’s important to take further precautions to safeguard yourself.
It’s not a terrible idea to avoid using .doc, .docx, and .rtf files for the time being if you can do so. Consider migrating to cloud-based services like Google Docs. Only accept and download files from 100 percent-identified sources, which is a good rule of thumb in general.
Finally, follow Microsoft’s instructions on disabling MSDT. You’ll need to open the Command Prompt and run it as administrator, then type in a few commands. If all goes well, you should be safe from Follina. However, keep in mind that caution is always advised.
Below we share the necessary steps to disable the MSDT URL Protocol, provided by Microsoft:
Disabling MSDT URL protocol prevents troubleshooters being launched as links including links throughout the operating system. Troubleshooters can still be accessed using the Get Help application and in system settings as other or additional troubleshooters. Follow these steps to disable:
- Run Command Prompt as Administrator.
- To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”.
- Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.
How to undo the workaround
- Run Command Prompt as Administrator.
- To restore the registry key, execute the command “reg import filename”.